Streamline Compliance and Audit Processes

The key attribute of the Nevis LANenforcer system is its identity-based approach to defining, managing and enforcing access policies, both to the network and to critical network resources. Enforcing identity-based policies has traditionally been straightforward at the application layer, but has been overwhelming at the network layer, because traditional network infrastructure lacks visibility into user identity and role-based policy definitions. Nevis changes all that, and allows easy enforcement of role-based access policies right at the network switch. As shown below, all of the security services offered by Nevis are implemented on top of an identity-aware network fabric that can enforce policies in the context of the user’s role.

 

This leads to revolutionary improvements in implementing compliance-based policies, and greatly streamlines the reporting and audit processes associated with those compliance initiatives. As everyone is well aware, most security and compliance policy requirements are closely aligned with an organization’s role definitions. Users associated with a specific group, job function, title, security clearance, or employee category are generally required, per the policy, to have access to or be restricted from various activities on the network. Mapping these policy rules to traditional network security tools, such as firewalls, or setting up IP-specific VLANs has proven to be a futile effort because neither reflects the desired policy. Nevis enforces access based on identity, so IT administrators can easily monitor and report on activity on a group-by-group or user-by-user basis.

Nevis allows the easy creation of policy-specific reports that readily map to the desired compliance initiative, whether it be driven by Sarbanes-Oxley, HIPAA, PCI or another industry-specific requirement. Because the enforcement, monitoring and reporting are closely aligned with identity-driven compliance policies, responding to audit requests can generally be as easy as running the corresponding identity-based report. When your monitoring and reporting have visibility into identity all the way through the process, activities are streamlined, time is saved, costs are reduced, and policies are more effective.

Many companies use COBIT or COSO as a guiding framework for compliance, requiring both broad and deep security controls – making Nevis the natural choice for LAN security compliance. The following table demonstrates how Nevis’ LANenforcer solution validates key control objectives common to regulatory frameworks such as COSO, COBIT and ISO 17799 and mandates such as Visa PCI, HIPAA, and GLBA.

Control Objective: Nevis LANenforcer Functionality
Access Control
  • Clientless endpoint admission with integrity check (NAC)
  • Integrated user, endpoint, network and application access control
  • 802.1X and Captive Portal user authentication
  • Encrypted access for confidential or regulated data
Threat Protection
  • Aggregates 6 detection mechanisms: stateful firewall, traffic anomaly, protocol anomaly and behavioral anomaly; Layer 2 security; automatic quarantine
  • Microsecond quarantine and remediation
  • Threat analysis researched and monitored 24×7 by Nevis Labs
Network, System & User Monitoring
  • Improved visibility of user access and activity
  • Increased control over user accountability
  • Multi-appliance, multi-site configuration and management simplifying operations and saving time
Incident Response Support
  • Powerful event correlation engine enables faster problem resolution and forensic analysis
  • Associates user identity, user location, IP address, port, and MAC address for faster pinpointing of root cause